POPULARITY
???? Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — Unnatural European Fridges03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin' Bout [infosec] News 2025-09-2204:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence51:41 - Story # 3: Verified Steam game steals streamer's cancer treatment donations57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
On this week's show Patrick Gray and special guest Rob Joyce discuss the week's cybersecurity news, including: Secret Service raids a SIM farm in New York MI6 launches a dark web portal Are the 2023 Scattered Spider kids finally getting their comeuppance? Production halt continues for Jaguar Land Rover GitHub tightens its security after Shai-Hulud worm This week's episode is sponsored by Sublime Security. In this week's sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform. This episode is also available on YouTube Show notes U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io Github npm changes Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News When “Goodbye” isn't the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X JLR ‘cyber shockwave ripping through UK industry' as supplier share price plummets by 55% | The Record from Recorded Future News Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM maliciouspackages found and removed. The EU is already testing proper online age verification. Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-349
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Show Notes: https://securityweekly.com/asw-349
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-349
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Show Notes: https://securityweekly.com/asw-349
A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry's biggest players opt out of MITRE's 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient's donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider's web. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites. Selected Reading EU cyber agency says airport software held to ransom by criminals (BBC News) Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop) Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer) Stellantis says a third-party vendor spilled customer data (The Register) Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek) AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead) Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine) Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer) CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing) ‘I Was a Weird Kid': Jailhouse Confessions of a Teen Hacker (Bloomberg) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security. 00:00 Introduction and Overview 00:55 Microsoft's Extinction Level Vulnerability 05:19 European Airports Cyber Attack 08:20 SpamGPT: AI for Cyber Criminals 09:53 Shadow Leak: Zero Click AI Vulnerability 12:09 Trade Ogre Takedown 14:50 Conclusion and Upcoming Events
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CTRL-Z DLL Hooking Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294 Global Admin in every Entra ID tenant via Actor tokens As part of September s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema has published a blog post showing how this vulnerability could have been exploited. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242 WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 NVidia Triton Inference Server NVIDIA patched critical vulnerabilities in its Triton Inference Server. https://nvidia.custhelp.com/app/answers/detail/a_id/5691
In episode 254 of our SAP on Azure video podcast we talk about Entra ID Governance from a Customer perspectiveWe continue today with the topics around Entra ID and SAP. We have covered different aspects of the integration of Entra ID and SAP in different ways in the past, but we thought that today we could take a look from a customer perspective. I am glad to have Roj Koc with us today, who is working closely with customers in Denmark and northern Europe to share what he is seeing in the market. Find all the links mentioned here: https://www.saponazurepodcast.de/episode254Reach out to us for any feedback / questions:* Robert Boban: https://www.linkedin.com/in/rboban/* Goran Condric: https://www.linkedin.com/in/gorancondric/* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #EntraID #IAG #SAPIDM
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone and their dog seems to have a shell in US Federal Court information systems Google pays $250k for a Chrome sandbox escape Attackers use javascript in adult SVG files to … farm facebook likes?! SonicWall says users aren't getting hacked with an 0day… this time. This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. This episode is also available on Youtube. Show notes CISA, Microsoft issue alerts on ‘high-severity' Exchange vulnerability | The Record from Recorded Future News Advanced Active Directory to Entra ID lateral movement techniques Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications Cartels may be able to target witnesses after major court hack Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks' | The Record from Recorded Future News Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive Buttercup is now open-source! HTTP/1.1 must die: the desync endgame US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News Adult sites are stashing exploit code inside racy .svg files - Ars Technica Google pays 250k for Chromium sandbox escape SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED Malware in Open VSX: These Vibes Are Off How attackers are using Active Directory Federation Services to phish with legit office.com links Introducing our guide to phishing detection evasion techniques The State of Attack Path Management
Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some Entra ID skills with Graph and you're ready to take on the rest - and there's a lot! Tony is also responsible for the excellent Office 365 for IT Pros book, now in its 12th edition for 2026. These are the fundamentals that can help you embrace the Copilot future we're all facing - and there's a lot to learn!LinksGraph PowerShell SDKAzure AutomationOffice 365 for IT Pros 2026 EditionMaesterAgent Governance in M365Secure Future InitiativeLinkable Identifiers in Microsoft EntraRecorded July 24, 2025
On September 30th Microsoft will only support a new unified multi-factor authentication control configuration. What does this mean for your nonprofit?In March 2023 Microsoft announced that after September 30th, 2025, they would no longer automatically support “legacy” multi-factor authentication controls in the Microsoft 365 Entra ID and General Admin administration portals. The methods your staff are using now will not automatically roll over to be allowed via the new admin dashboard after that date. Steve Longenecker, Community IT's Director of IT Consulting, explains to Carolyn the implications for nonprofits of this change and the Microsoft unified security administration deadline.The takeaways: The new unified authentication dashboard is available now to Microsoft 365 admins.The new Authentication Methods page does not inherit methods allowed in the legacy controls. An administrator needs to manually enable the MFA methods your organization wants to allow. Old MFA options your staff are using now will not roll over automatically to the new dashboard.Microsoft and Community IT are pushing admins to use this opportunity to to exclude less secure MFA methods. Community IT advises against allowing SMS texting and one-time codes sent to personal email addresses as MFA methods. You can upgrade and implement the new MFA and password reset options at any time, and we advise you to do this before September 30, whether or not Microsoft grants an extension of the deadline.If you just started using Microsoft 365 for Nonprofits, you don't need to worry about the deadline because your initial configuration would already be using the new Authentication Methods page. If you haven't made the change or don't know, you need to check before September 30, 2025.This change is visible only to Microsoft administrators, who should be making the change and informing staff where appropriate. If you are a nonprofit leader or board member and have not heard from your IT Director or outsourced IT, check with them to understand the plan for your organization. If you are a nonprofit staffer, pay attention to directions on using the safest MFA to protect your nonprofit.While not directly impacted by this deadline from Microsoft, Carolyn and Steve discuss the importance of “phish-resistant” MFA, preventing Attacker-in-the-Middle (AitM) attacks, for executives and staff working in finance, IT and other highly targeted areas of your operations. NOTE: The timelines on Microsoft changes do sometimes shift, and we are working to keep you updated. Please check for the most recent blog or podcast from us to ensure you have the most recent update. _______________________________Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/ email Carolyn at cwoodard@communityit.com on LinkedIn Thanks for listening.
In episode 253 of our SAP on Azure video podcast we talk about SAP HCM with Microsoft Entra ID Governance. In previous episodes we have talked about the extensibility concept of Entra ID, Entra ID Governance and other SAP integration. In a lot of customer scenarios, these integrations are relevant in the context of HCM. So today -- after more than 3 years -- I am happy to welcome Chetan Desai with us again. He recently published new guidance on integrating SAP HCM with Microsoft Entra ID Governance, using flexible provisioning options like CSV, SAP BAPI, or SAP IDocsFind all the links mentioned here: https://www.saponazurepodcast.de/episode253Reach out to us for any feedback / questions:* Goran Condric: https://www.linkedin.com/in/gorancondric/* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #HCM #EntraID
⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Troubleshoot identity issues, investigate risky users and apps, and optimize Conditional Access policies using natural language—with built-in AI from Microsoft Security Copilot in Microsoft Entra. Instead of switching between logs, PowerShell, and spreadsheets, Security Copilot centralizes insights for faster, more focused action. Resolve compromised accounts, uncover ownerless or high-risk apps, and tighten policy coverage with clear insights, actionable recommendations, and auto-generated policies. Strengthen security posture and reclaim time with a smarter, more efficient approach powered by Security Copilot. Diana Vicezar, Microsoft Entra Product Manager, shares how to streamline investigations and policy management using AI-driven insights and automation. ► QUICK LINKS: 00:00 - Microsoft Entra with Security Copilot 01:26 - Conditional Access Optimization Agent 03:35 - Investigate risky users 05:49 - Investigate risky apps 07:34 - Personalized security posture recommendations 08:20 - Wrap up ► Link References Check out https://aka.ms/SecurityCopilotAgentsinMicrosoftEntra ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
In episode 246 of our SAP on Azure video podcast we talk about SAP Identity Management and Microsoft Entra ID. Since the announcement from SAP about SAP IDM, a lot of customers have already started their journey to move to Entra ID. We have had several customers talking about their experience and also hosted several hands-on sessions. Martin Raepple is key player in most of these discussions and today we want to show in more detail how the journey is evolving. To today he shows us how to integrate Microsoft Entra with SAP Cloud Identity Services and leverage Microsoft Entra's advanced features to migrate and modernize existing SAP IDM workflows, using self-service UIs, integration with SAP data sources, and much more.Find all the links mentioned here: https://www.saponazurepodcast.de/episode246Reach out to us for any feedback / questions:* Goran Condric: https://www.linkedin.com/in/gorancondric/* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/ #Microsoft #SAP #Azure #SAPonAzure #SSO #IDM #EntraID #SAPIAS #Governance
Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan, one of Dave's Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. Selected Reading Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer) Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News) Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer) TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek) 270K websites injected with ‘JSF-ck' obfuscated code (SC Media) Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine) SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek) Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer) Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek) CISA Releases Ten Industrial Control Systems Advisories (CISA) Trump team leaks AI plans in public GitHub repository (The Register) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
If you like what you hear, please subscribe, leave us a review and tell a friend!
Strengthen your security posture in Microsoft Entra by following prioritized Secure Score recommendations. Enforce MFA, block legacy authentication, and apply risk-based Conditional Access policies to reduce exposure from stale accounts and weak authentication methods. Use built-in tools for user, group, and device administration to detect and clean up identity sprawl—like unused credentials, inactive accounts, and expired apps—before they become vulnerabilities. Jeremy Chapman, Microsoft 365 Director, shares steps to clean up your directory, strengthen authentication, and improve overall identity security. ► QUICK LINKS: 00:00 - Microsoft Entra optimization 00:54 - New Recommendations tab 02:11 - Enforce multifactor authentication 03:21 - Block legacy authentication protocols 03:58 - Apply risk-based Conditional Access 04:44 - Identity sprawl 05:46 - Fix account sprawl 08:06 - Microsoft 365 group sprawl 09:36 - Devices 10:33 - Wrap up ► Link References Watch part one of our Microsoft Entra Beginner's Tutorial series at https://aka.ms/EntraBeginnerMechanics Check out https://aka.ms/MicrosoftEntraRecommendations ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
The future of generative AI might very well be agentic workloads. Fresh from Build 2025, we take a look at Agent IDs in Entra ID. What are they, and why would even need to know how they work? What's the difference from Enterprise Applications? We consider compliance, reporting, licensing and other aspects on Agent IDs. (00:00) - Intro and catching up.(04:08) - Show content starts.Show links- Agent IDs announcement from Build 2025- Give us feedback!
In this episode of Tech Talks Daily, I'm joined by Glen Shok, VP of Product Marketing at Panzura, for a detailed look into how the company is rethinking hybrid cloud storage with the release of CloudFS 8.5 Adapt. CloudFS 8.5 isn't just another update. Built in direct response to customer feedback, it introduces powerful new features like Instant Node and Regional Store that redefine performance, availability, and business continuity. Instant Node allows failed systems to be replaced or migrated in under five minutes. Regional Store brings high-speed data access closer to end users around the world while reducing latency and cloud egress costs. As Glen explains, the latest release meets the growing demand for flexibility in the face of geopolitical uncertainty, rising cloud costs, and evolving IT infrastructure. Panzura is helping organizations maintain uptime, protect data, and adapt quickly, whether moving away from VMware or modernizing a global IT footprint. CloudFS 8.5 Adapt enables this without forcing customers to compromise on control, performance, or security. We also explore how Panzura's vision for autonomic data infrastructure is becoming a reality. With every CloudFS node sharing full configuration metadata, new nodes can spin up almost instantly. AI plays a central role here too. Through Panzura Data Services, AI tracks behavioral anomalies to detect early signs of data exfiltration, ransomware, or internal threats. This provides not just alerts, but the ability to interdict and isolate risky behavior in real time. Looking ahead, Glen shares how Panzura is preparing to support AI workloads directly where unstructured data lives. Instead of migrating terabytes to external platforms, organizations can train language models in place, reducing cost and complexity. With features like enhanced RBAC, native Entra ID support, and a virtual data lake model on the horizon, Panzura is clearly positioning itself at the intersection of enterprise storage and AI innovation. If you work in cloud infrastructure, cybersecurity, data governance, or AI deployment, this episode offers practical insights into the challenges IT teams face today and the technologies that are solving them.
Welcome to Episode 401 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben Stegink and Scott Hoag dive into the intricacies of implementing Zero Trust principles within Microsoft 365 environments. They explore the foundational aspects of Zero Trust, starting with identity management and the importance of Entra ID. They also cover: Identity Management: The critical role of identity in Zero Trust, including MFA, password policies, and least privilege access. Endpoint Security: Strategies for verifying and managing devices, including compliance checks and the balance between corporate and BYOD devices. Networking: The complexities of securing network traffic in a SaaS environment, including conditional access policies and the emerging Global Secure Access feature. Application Management: The role of Defender for Cloud in monitoring shadow IT and ensuring data security across various applications. Data Protection: Techniques for safeguarding sensitive information, including DLP policies and the upcoming network-level DLP capabilities. Join us as we unpack these topics and provide practical insights for enhancing your organization's security posture with Zero Trust. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Zero Trust deployment for technology pillars Securing identity with Zero Trust Secure endpoints with Zero Trust Secure endpoints with Zero Trust Secure applications with Zero Trust Secure data with Zero Trust Microsoft Zero Trust Assessment About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
I cover the news over the weekend about Entra ID account lockouts, I discuss several recent vulnerabilities, a policy change by Google and more! Reference Links: https://www.rorymon.com/blog/entra-id-account-lockouts-critical-pytorch-bug-scheduled-tasks-for-gemini/
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
It's Week D, do you know where your preview update is? 23H2 is out - 24H2, not so much! No surprises in the new features list, but are more new features on the way? Windows New text actions in Click to Do - Practice in Reading Coach and Read with Immersive Reader - in Dev and Beta (24H2) Find cloud-based (OneDrive-based) photos using Semantic search - Comes to EEA, Snapdragon X only for now, Dev and Beta Voice access improvements - add words to custom dictionary - Dev and Beta Updated green screen UI - latest Canary build, from today Minor update to the Beta/23H2 channel, no new features Ubuntu 25.04 is out and there's a native Arm64 ISO (!) and BitLocker support Hands-on with WSL (which is stuck at 24.xx) and in Hyper-V on a Copilot+ PC Is dual-boot even possible on Arm? (Yet) Friday night update to identity caused accounts to be marked as leaked for 50,000 partner accounts AI We're in a new wave: Microsoft 365 Copilot updated, new Agent Store and more on the way Copilot Vision is now free for everyone in Microsoft Edge Google is giving Gemini Advanced/Google One AI Premium away for free to US college students Google estimates its Gemini AI chatbot had 35M DAUs and 350M MAUs worldwide as of last month while ChatGPT had 160M DAUs and 600M MAUs (Erin Woo/The Information) Perplexity is coming to Samsung and Motorola phones - and Microsoft is apparently coming to Motorola too Antitrust It's getting real - 20 years after US v. Microsoft, Big Tech is finally getting a reckoning Google has now lost two major US antitrust cases in less than a year US v. Google (search): DOJ wants Judge to break up Google US v. Google (ads): Google found to have another illegal monopoly What's the "right" outcome for Chrome and Google's ad businesses? OpenAI says it would be happy to buy Chrome from Google- hilarious Google just killed Privacy Sandbox, cites regulatory climate Apple, Meta fined by EU for not conforming to the DMA Apple Intelligence is no longer "available now" (Siri: Is it raining?) Xbox/gaming Elder Scrolls IV Remastered lands on Xbox, PC, PS5 and Game Pass Xbox app arrives on LG smart TVs It's (back) on: Nintendo Switch 2 pre-orders rescheduled to April 24 with no price change And the demand is higher than expected, Nintendo says Tips and Picks Tip of the week: It's time to look at Google Fi again HARDWARE pick of the week: Microsoft keyboards and mice are back, baby RunAs Radio this week: Agentic AI for IT Pros with Tim Warner Brown liquor pick of the week: Dark Harmony No. 3 Black IPA Cask Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsor: spaceship.com/twit
In this news episode, the trio explores the latest updates in the Windows Insider program. They also discuss how QR code authentication in Entra ID can simplify access for frontline workers in specific scenarios. In Microsoft Fabric, the focus is on integrating Apache Iceberg data with OneLake, along with notable improvements to External Data Sharing. Azure Stream Analytics now supports integration with Azure Event Hub Schema Registry. Lastly, the Azure Virtual Network Manager Network Verifier can be the tool to help gain visibility to your network connectivity in Azure. Hosted on Acast. See acast.com/privacy for more information.
In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.Guest Socials: Katie's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) A bit about Katie(03:17) Domain Admin in Azure(07:03) Common causes of incidents in Azure(08:53) Identities in Azure(11:44) Third Party Identities in Azure(17:34) Azure Networking and Incident Response(22:35) Common Incidents in Azure(26:53) AI specific incidents in Azure(28:45) Privilege escalation in Azure(39:37) Where to start with Azure Research?(48:20) The Fun Questions
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly
Are the dense jungles of Windows Server leaving you lost? Are Active Directory tangles, Entra ID integrations, or legacy issues keeping your IT nights sleepless? Well, grab your machete (or PowerShell) and join us on an expedition into the depths of Microsoft ecosystems in this week's episode of Data Center Therapy!In this thrilling adventure, your trusted guides, Matt “Server Sherpa” Yette and Matt “Patch Paladin” Cozzolino, are joined once again by IVOXY's own Microsoft guru, Dade “Forest Ranger” Wilson. Together, they brave the wilds of Windows Server and Active Directory to uncover the secrets, pitfalls, and solutions waiting within.What treasures (and traps) await you in this episode?Windows Server Assessment: Dade spills the beans on what his assessment covers, from identifying lurking performance issues to spotting security vulnerabilities in forgotten corners of your environment.Active Directory & Entra ID: How do these two pillars of Microsoft infrastructure intersect, and why do they often make us break a sweat?Best Practices & Pro Tips: Schema upgrades, time-sync nightmares, and why DNS is always the culprit—Dade and the Matts share their survival tips.Upcoming Workshop Alert: Don't miss out on IVOXY's upcoming Active Directory/Entra ID workshop and hands-on training class, led by Dade, designed to demystify these crucial Microsoft tools and set your team up for success.As always, if you enjoy the show, please be sure to like, share with three colleagues and subscribe wherever you get your quality podcasts.From the DCT crew – Stay cool, stay protected, be informed and see you at the next event and episode, compadres
Entra ID is the current inheritor of the mantle of Active Directory. No, don't be afraid, we're not going to do any binding on this show. We're going to give you the brass tacks for what Microsoft is using Entra for, how Mac Admins should think about it, and how it fits into the modern world for Mac Admins. Hosts: Tom Bridge - @tbridge@theinternet.social Marcus Ransom - @marcusransom Guests: Michael Epping, Senior Program Manager, Microsoft – LinkedIn Mark Morowczynski, Principal Security Researcher, Microsoft – LinkedIn Links: Extending the AD schema (pay attention to the date) https://lists.samba.org/archive/samba-technical/attachments/20101123/6d648bd4/attachment.pdf Password Guide: https://aka.ms/PasswordlessGuide Sponsors: Kandji 1Password Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
In this interview Patrick Gray talks to Yubico's COO and President Jerrod Chong about a new Yubikey feature: pre-registration. You can now ship pre-registered Yubikeys to your staff so you don't need to rely on your staff to enrol them. They've achieved this with really slick Okta and Entra ID integrations. Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector.
Microsoft’s Active Directory and Entra ID are valuable targets for attackers because they store critical identity information. On today’s Packet Protector, we talk with penetration tester and security consultant Eric Kuehn about how he approaches compromising AD/Entra ID, common problems he sees during client engagements, quick wins for administrators and security pros to fortify their... Read more »